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NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS. This application is subject to withdrawal from issue at the initiative 
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1 - £3 This communication is responsive to 07/21/2006 . 

2. £3 The allowed claim(s) is/are 1.2.4-9. 1 1-20.22-27 and 29-39 . 

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a) □ All b)C|Some* c) □ None of the: 

1. □ Certified copies of the priority documents have been received. 
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International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
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4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 
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(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review ( PTO-948) attached 
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(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 
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DETAILED ACTION 
EXAMINER'S AMENDMENT 

1 . An examiner's amendment to the record appears below. Should the changes and/or 
additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the 
payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview with 
Kevin J. Zilka on August 9, 2006. 

Examiner initiated interview has been made with Kevin J. Zilka to incorporate allowable 
features, "wherein the at least one of the procedures further includes analyzing responses to the 
first and second requests", into all base claims, and Kevin J. Zilka agreed to the changes. 

2. Examiner amends claims 1, 13-14, 18, 31-32, and 36-38 cancels claims 12 and 30. 

1 . (Currently Amended) A method for detecting modifications to risk assessment scanning 
caused by an intermediate device, comprising: 

(a) initiating a risk assessment scan at and on a target, from a remote source utilizing a 
network; 

(b) determining whether the risk assessment scan at and on the target involves an 
intermediate device coupled between the target and the remote source; 
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(c) receiving results of the risk assessment scan from the target utilizing the 
network; and 

(d) notifying an administrator if it is determined that the risk assessment scan at and on the 
target involves the intermediate device, wherein additional operations are carried out to 
improve ariskassessmentat and on the target in view of the presence of the intermediate 
device coupled between the target and the remote source; 

wherein a plurality of procedures are utilized to determine whether the risk assessment 
scan involves the intermediate device; 

wherein at least one of the procedures includes transmitting a first request for content to 
the target utilizing the network, and transmitting a second request for a cached version of 
the content to the target utilizing the network^) ; and 

wherein at least one of the procedures further includes analyzing responses to the first and 
second requests. 

12. (Canceled) 

13. (Currently Amended) The method as recited in clainTt2~ 1, wherein the at least one of 
the procedures further includes indicating that the risk assessment scan involves the intermediate 
device based on the analysis. 

14. (Currently Amended) The method as recited in claim +3 1 , wherein the at least one of the 
procedures further includes indicating that the risk assessment scan involves the intermediate 
device if the responses to the requests are different. 
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1 8. (Currently Amended) A computer program product for detecting modifications to risk 
assessment scanning caused by an intermediate device, comprising: 

(a) computer code for initiating a risk assessment scan at and on a target, from a remote 
source utilizing a network; 

(b) computer code for determining whether the risk assessment scan at and on the target 
involves an intermediate device coupled between the target and the remote source; 

(c) computer code for receiving results of the risk assessment scan from the target utilizing the 
network; and 

(d) computer code for notifying an administrator if it is determined that the risk assessment 
scan at and on the target involves the intermediate device; 

wherein additional operations are carried out to improve a risk assessment at and on the 
target in view of the presence of the intermediate device coupled between the target and the 
remote source; 

wherein a plurality of procedures are utilized to determine whether the risk assessment scan 
involves the intermediate device; 

wherein at least one of the procedures includes transmitting a first request for content to 
the target utilizing the network, and transmitting a second request for a cached version of 
the content to the target utilizing the networks ; and 

wherein at least one of the procedures further includes analyzing responses to the first and 
second requests. 
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30. (Canceled) 

31 . (Currently Amended) The computer program product as recited in claim-30-I, wherein 
the at least one of the procedures further includes indicating that the risk assessment scan 
involves the intermediate device based on the analysis. 

32. (Currently Amended) The computer program product as recited in claim^TX wherein 
the at least one of the procedures further includes indicating that the risk assessment scan 
involves the intermediate device if the responses to the requests are different. 

36. (Currently Amended) A system for detecting modifications to risk assessment scanning 
caused by an intermediate device, comprising: 

(a) logic for initiating a risk assessment scan at and on a target, from a remote source 
utilizing a network; 

(b) logic for determining whether the risk assessment scan at and on the target involves an 
intermediate device coupled between the target and the remote source; 

(c) logic for receiving results of the risk assessment scan from the target utilizing the 
network; and 

(d) logic for notifying an administrator if it is determined that the risk assessment scan at and 
on the target involves the intermediate device; 
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wherein additional operations are carried out to improve a risk assessment at and on the 
target in view of the presence of the intermediate device coupled between the target and 
the remote source; 

wherein a plurality of procedures are utilized to determine whether the risk assessment 
scan involves the intermediate device; 

wherein at least one of the procedures includes transmitting a first request for content to 
the target utilizing the network, and transmitting a second request for a cached version of 
the content to the target utilizing the networks ; and 

wherein at least one of the procedures further includes analyzing responses to the first and 
second requests. 

37. (Currently Amended) A method for detecting modifications to risk assessment scanning 
caused by a proxy server, comprising: 

(a) initiating a risk assessment scan at and on a target, from a remote source utilizing a 
network; 

(b) executing a plurality of procedures to determine whether the risk assessment scan at and 
on the target involves a proxy server coupled between the target and the remote source; 

(c) said procedures utilizing a plurality of parameters selected from the group consisting of 
an ip ttl flag, a tcp_win flag, a via tag, and a host header value; 

(d) receiving results of the risk assessment scan from the target utilizing the network; 
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(e) flagging the results of the risk assessment scan if at least one of the procedures indicates 
that the risk assessment scan involves a proxy server coupled between the target and the 
remote source: and 

(f) notifying an administrator if the results of the risk assessment scan at and on the target are 
flagged; 

wherein additional operations are carried out to improve a risk assessment at and on the 
target in view of the presence of the proxy server coupled between the target and the \ 
remote source; 

wherein at least one of the procedures includes transmitting a first request for content to 
the target utilizing the network, and transmitting a second request for a cached version of 
the content to the target utilizing the network?^ ; and 

wherein at least one of the procedures further includes analyzing responses to the first and 
second requests. 

38. (Currently Amended) (Currently Amended) A computer program product for detecting 
modifications to risk assessment scanning caused by a proxy server, comprising: 

(a) computer code for initiating a risk assessment scan at and on a target, from a remote 
source utilizing a network; 

(b) computer code for executing a plurality of procedures to determine whether the risk 
assessment scan at and on the target involves a proxy server coupled between the target 
and the remote source; 

(c) said procedures utilizing a plurality of parameters selected from the group consisting 
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of an ip_ttl flag, a t c p win flag, a via tag, and a host header value; 

(d) computer code for receiving results of the risk assessment scan from the target utilizing 
the network; 

(e) computer code for flagging the results of the risk assessment scan if at least one of the 
procedures indicates that the risk assessment scan involves a proxy server coupled 
between the target and the remote source; 

(f) computer code for notifying an administrator if the results of the risk assessment scan at 
and on the target are flagged; 

wherein additional operations are carried out to improve a risk assessment at and on the 
target in view of the presence of the proxy server coupled between the target and the 
remote source; 

wherein at least one of the procedures includes transmitting a first request for content to 
the target utilizing the network, and transmitting a second request for a cached version of 
the content to the target utilizing the network(.) ; and 

wherein at least one of the procedures further includes analyzing responses to the first and 
second requests. 

Allowable Subject Matter 

3. The following is an examiner's statement of reasons for allowance: 
Claims 1-2, 4-9, 1 1-20, 22-27, and 29-39 are allowed. 

Claims 1,18, and 36-38: Prior art of record neither alone nor in combination teach a 
method/product/system for detecting modifications to risk assessment scanning caused by an 
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intermediate device, comprising initiating a risk assessment scan at and on a target, from a 
remote source utilizing a network; determining whether the risk assessment scan at and on the 
target involves an intermediate device coupled between the target and the remote source; 
receiving results of the risk assessment scan from the target utilizing the network; and 
performing plurality of procedures to determine whether the risk assessment scan involves the 
intermediate device; wherein at least one of the procedures includes transmitting a first request 
for content to the target utilizing the network, and transmitting a second request for a cached 
version of the content to the target utilizing the network, analyzing responses to the first and 
second requests and indicating that the risk assessment scan involves the intermediate device if 
the response to the request are different. 

Claims 2, 4-9, 11,13-17, 19-20, 22-27, 29, 31-35 and 39 are allowed because of 
dependency. 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the issue 
fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for 
Allowance." 

4. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Eleni A. Shiferaw whose telephone number is 571-272-3867. 
The examiner can normally be reached on Mon-Fri 8:00am-5:00pm. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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